This listing of claims replaces all prior versions, and
listings of claims in the instant application:

Listing of Claims:



1. (Currently Amended) A method for enhanced privacy 
protection in identification in a data communications network, 
the method comprising: 

enrolling, by a user, with an authority over said 
data communications network for a service on said data 
communications network; 

receiving, by said user from said authority over said
data communications network, a randomized identifier (ID)
in response to said enrolling;

storing said randomized ID; and

using said randomized ID, by said user, and a service
request to obtain services on said data communications
network, from a service provider wherein said service
provider is different from said authority.



GUNNISON, McKAY & HODGSON, L.L.P.
Garden West Office Plaza
1900 Garden Road, Suite 220
Monterey, CA 93940
(831) 655-0880
Fax (831) 655-0888



2. (Currently Amended) A program storage device readable 
by a machine, embodying a program of instructions executable by 
the machine to perform a method for enhanced privacy protection 
in identification in a data communications network, the method 
comprising:

enrolling, by a user, with an authority over said
data communications network for a service on said data
communications network;

receiving, by said user from said authority over said
data communications network, a randomized identifier (ID)
in response to said enrolling;

storing said randomized ID; and

using said randomized ID, by said user, and a service
request to obtain services on said data communications
network, from a service provider wherein said service
provider is different from said authority.

3. (Currently Amended) An apparatus for enhanced privacy 
protection in identification in a data communications network, 
the apparatus comprising: 

means for enrolling, by a user, with an authority 
over said data communications network for a service on 
said data communications network; 

means for receiving, by said user from said authority
over said data communications network, a randomized
identifier (ID) in response to said enrolling;

means for storing said randomized ID; and

means for using said randomized ID, by said user, and
a service request to obtain services on said data
communications network, from a service provider wherein
said service provider is different from said authority.

4. (Currently Amended) An apparatus for enhanced privacy 
protection in identification in a data communications network, 
the apparatus comprising: 

a smart card configured to store a randomized ID 
obtained in response to enrolling for a service with an 
authority, by a user, on said data communications network,
said smart card further configured to release said
randomized ID to obtain services on said data
communications network from a service provider wherein
said service provider is different from said authority.

5. (Previously Presented) A memory for storing data for
access by an application program being executed on a data 
processing system, comprising: 

a data structure stored in said memory, said data
structure including:

credential data;

an authority peer group ID that identifies an 
entity that provided data authentication for said 
credential, said entity comprising a one or more 
network servers in a data communications network, one 
of said one or more network servers providing data 
authentication for said credential; and 

a cryptogram provided by said entity and used to 
authenticate said credential data. 

6. (Currently Amended) A method for obtaining a service 
on a data communications network, the method comprising: 

presenting, over said data communications network an
authority on said data communications network with user
data and a credential request; and

receiving, over said data communication network, a
credential from said authority, in response to said
credential request, said credential comprising:

a randomized identifier;

credential user data; and

an indication of the credential user data
verification performed by said authority in response
to said credential request.

7. (Currently Amended) A method for obtaining a service
on a data communications network, the method comprising: 

presenting, over said data communications network, an
authority on said data communications network with a logon
request;

receiving, over said data communications network, a
kerberos ticket in response to said user authentication
data, said kerberos ticket comprising a randomized user
ID; and

using said kerberos ticket to obtain services from
one or more service providers on said data communications
network wherein said one or more service providers are
different from said authority.

8. (Currently Amended) A program storage device readable 
by a machine, embodying a program of instructions executable by 
the machine to perform a method for obtaining a service on a 
data communications network, the method comprising: 

presenting, over said data communications network, an
authority on said data communications network with a logon
request;

receiving, over said data communications network, a
kerberos ticket in response to said user authentication
data, said kerberos ticket comprising a randomized user
ID; and

using said kerberos ticket to obtain services from
one or more service providers on said data communications
network wherein said one or more service providers are
different from said authority.

9. (Currently Amended) An apparatus for obtaining a
service on a data communications network, the apparatus 
comprising:

means for presenting, over said data communications
network, an authority on said data communications network
with a logon request;

means for receiving, over said data communications
network, a kerberos ticket in response to said user
authentication data, said kerberos ticket comprising a
randomized user ID; and

means for using said kerberos ticket to obtain
services from one or more service providers on said data
communications network wherein said one or more service
providers are different from said authority.

10. (Cancelled) 

11. (Currently Amended) An apparatus for obtaining a 
service on a data communications network, the apparatus 
comprising:

a service provider configured to accept, over said 
data communications network, a service request and 
enrollment results obtained from an enrollment authority, 
said service provider capable of communicating with said 
enrollment authority to verify said enrollment results, 
said service provider configured to provide said service 
based upon said enrollment results and a response from 
said enrollment authority. 